infected by hijacker, please help!


Recommended Posts

Hi, I am new here.

I have a very annoying problem with my personal laptop. It's working slower now, and I couldn't open my Task Manager, the regedit command, or System Restore. I tried to run Safe Mode but it's also not working. I ran Malwarebytes' and it detected that my laptop was infected by Hijack.TaskManager. It's cleaned, but after I restart my laptop it keeps coming back again and again. I am sure that I need suggestions from experts, please help me!

Here I attach the Malwarebytes' log.

Malwarebytes' Anti-Malware 1.27

Database version: 1127

Windows 5.1.2600 Service Pack 2

11/20/2008 8:16:20 AM

mbam-log-2008-11-20 (08-16-03).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 112230

Time elapsed: 42 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\enable task manager and regedit\mws2200.exe (Rogue.MalwareScanner) -> No action taken.

C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0019414.exe (Rogue.MalwareScanner) -> No action taken.

C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0019463.exe (Rogue.MalwareScanner) -> No action taken.

C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0021960.exe (Rogue.MalwareScanner) -> No action taken.

C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022017.exe (Rogue.MalwareScanner) -> No action taken.

C:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022089.exe (Rogue.MalwareScanner) -> No action taken.


Hi there jamparing, and welcome to Malwarebytes.

Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.

Please set your system to show all files:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

If you haven't already, please get these programs, update them, and run a complete scan, removing all items found.

Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time.

Open SB S&D

Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.

Click on the Tools section and then Resident.

You will see two items.

1. Resident "SD helper" (Internet Explorer bad download blocker.) active

2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck number 2.

Leave number 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Please run a quick scan of your main drive, usually C, with MBAM, making sure you check all items found for removal. Please post that log in your next reply.

Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This!

You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said.

Be patient and persistent. These things can take time and many procedures.


Hi, Jean. Thank you very much for your quick response, I really appreciate it. I followed your instructions step by step, and here is the MBAM log.

Malwarebytes' Anti-Malware 1.27

Database version: 1127

Windows 5.1.2600 Service Pack 2

11/21/2008 3:19:10 PM

mbam-log-2008-11-21 (15-19-10).txt

Scan type: Quick Scan

Objects scanned: 41106

Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I will do the next scans and send those logs one by one in the next post. Thank you very much.


I had difficulty posting my Panda ActiveScan log here, since it's too long. So I posted it as an attachment; I hope that's fine...

;********************************************************************************************************************************************************************************

ANALYSIS: 2008-11-21 16:45:30

PROTECTIONS: 1

MALWARE: 3

SUSPECTS: 0

;********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;================================================================================================================================================================================

Zone Alarm Security Suite 7.0.483.000 No No

;================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;================================================================================================================================================================================

02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP79\A0022865.exe

02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022232.exe

02948524 W32/Sality.AH Virus No 0 Yes No D:\statistics program\GAUSS\Gauss\Aptech.GAUSS.Engine.v8.0.0.910\Crack\engauss.exe

02948524 W32/Sality.AH Virus No 0 Yes No D:\System Volume Information\_restore{496DE6FE-C0D7-4858-9A56-1A3A58EF429B}\RP78\A0022580.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Deden Dinar Iskandar\My Documents\My Notebook\e-book\WinDjView-0.5.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgcfgex.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgcmgr.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgdumpx.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgfrw.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgiproxy.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgscanx.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgsrmax.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgui.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\avgupd.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\fixcfg.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\AVG\AVG8\setup.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Common Files\Microsoft Shared\Web Components\11\DFUICOM.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\HotKeys.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\LocProfiler.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\powerset.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\QSUI.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Dell\QuickSet\WiFiLocator.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\enable task manager and regedit\sreng2\SREngLdr.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\enable task manager and regedit\xp_taskmgrenab.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\FreeFixer\freefixer.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\FreeFixer\tools\ffnd\ffnd.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Kamus2\Uninstall.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\1033\MSOHELP.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE

03614159 W32/Sality.AK Virus No 0 Yes No C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\UNWISE.EXE

Edited by JeanInMontana
include edited panda scan

Thank you very much Jean, here I attach the updated MBAM Quick Scan Log File and HijackThis Log File...

1. MBAM Quick Scan Log File:

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 5.1.2600 Service Pack 2

11/21/2008 11:16:06 PM

mbam-log-2008-11-21 (23-16-06).txt

Scan type: Quick Scan

Objects scanned: 51073

Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

2. HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:12:18 PM, on 11/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\OEM02Mon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{03F38D1F-144D-426C-AE91-B9E6261385E4}: NameServer = 192.168.1.10 192.168.1.130

O17 - HKLM\System\CS1\Services\Tcpip\..\{03F38D1F-144D-426C-AE91-B9E6261385E4}: NameServer = 192.168.1.10 192.168.1.130

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 7250 bytes


Hi again. I'm not seeing malware, and the stuff in the Panda log has to be false positives; they are listing MBAM also.

A couple of things to clean up, and the cause of your regedit issue is this: O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1. It's disabled. I can't find that key at all in my registry; I go as far as System and Policy and there is nothing for Regedit. I'm thinking it's ZoneAlarm or AVG blocking.

Please run HJT in scan only and put a check next to the following then click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Please make sure you do set a start/home page, so we know if you're being hijacked. Use Google, or any site of your choice.

How are you running now? MBAM has updated since your last scan also.

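The two registry policy values named in this thread (the MBAM "Registry Data Item" DisableTaskMgr and the HijackThis O7 line DisableRegedit=1) are what actually hide Task Manager and Regedit. The script below is an added example, not code from the thread or from Malwarebytes: it audits both the HKCU and HKLM Policies\System keys for those values and previews their removal with -WhatIf. It assumes an elevated PowerShell prompt, and that no Group Policy on the machine sets these values on purpose (on a domain-joined PC the same values can be legitimate).

```powershell
# Added example (not from the thread). Audits the Explorer policy values that
# hide Task Manager and Regedit, which is what the MBAM "Registry Data Item"
# (DisableTaskMgr) and the HijackThis O7 line (DisableRegedit=1) report.
# Run from an elevated PowerShell prompt; changing the HKLM hive needs admin.

$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# Value names that malware commonly sets to 1 to lock the user out of tools.
$WatchedValues = @('DisableTaskMgr', 'DisableRegedit')

function Get-ToolRestriction {
    [CmdletBinding()]
    param([string[]]$Keys = $PolicyKeys, [string[]]$Names = $WatchedValues)

    foreach ($key in $Keys) {
        # The key is normally absent on a machine with no such policy applied,
        # which matches the helper's remark that the key could not be found.
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $Names) {
            $prop = $props.PSObject.Properties[$name]
            # Only a non-zero value is a restriction; 0 or absent is the normal state.
            if ($null -ne $prop -and $prop.Value -ne 0) {
                [pscustomobject]@{
                    Key   = $key
                    Name  = $name
                    Value = $prop.Value
                }
            }
        }
    }
}

function Remove-ToolRestriction {
    # Deleting the value restores the tool; -WhatIf previews without changing anything.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$Name)

    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Remove restriction value')) {
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
    }
}

$findings = @(Get-ToolRestriction)
if ($findings.Count -eq 0) {
    Write-Host 'No DisableTaskMgr/DisableRegedit restrictions found.'
} else {
    $findings | Format-Table -AutoSize
    # Preview only. Drop -WhatIf to actually remove the values. If they return
    # after a reboot, as in the first post, something that still runs at startup
    # is re-setting them, and that running component has to be found first.
    foreach ($f in $findings) { Remove-ToolRestriction -Key $f.Key -Name $f.Name -WhatIf }
}
```

Re-run the audit after a reboot: a value that reappears on its own is the signal that the restriction is a symptom, not the infection itself.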

Hi jamparing,

I'm sorry for the delay, Jean isn't available at the moment.

If you still require help, please do the following:

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.

  • Please post the contents of both log.txt and info.txt.
